Report: Newegg Data Breach Exposed Customer Credit Card Info

Some Newegg customers reportedly had their credit card info nicked, as hacking group Magecart strikes again.

Security researchers RiskIQ said Wednesday that Magecart inserted malicious code into the payments system of the hardware and electronics retailer and made off with charge card data.

The nasty code was running on the Newegg site from Aug. 14 until Sept. 18, according to RiskIQ, which researched the incident with cybersecurity firm Volexity. The attack affected both desktop and mobile customers, according to RiskIQ. It’s unclear how many customers were hit.

Newegg didn’t immediately respond to a request for comment on the RiskIQ report.

The retailer appears to be the latest victim of Magecart, which RiskIQ researchers say is also responsible for recent hacks against British Airways and Ticketmaster.

Earlier this month, British Airways said it was investigating a data breach and the theft of customer info. The company said the breach was resolved but customers’ personal and financial information was exposed if they’d made bookings during the previous couple of weeks. Roughly 380,000 card transactions were reportedly affected.

“These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target,” said Yonathan Klijnsma, a threat researcher at RiskIQ, in an email statement. “The latest breach of Newegg demonstrates the true extent of Magecart operators’ reach.”

Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.